– [3.1.1](https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1) – [TYPO3-PSA-2019-007](https://typo3.org/security/advisory/typo3-psa-2019-007/) / [CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831) – [TYPO3-PSA-2019-008](https://typo3.org/security/advisory/typo3-psa-2019-008/) / [CVE-2019-11830](https://nvd.nist.gov/vuln/detail/CVE-2019-11830) –
Archive for May, 2019
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
An update for rh-python35-python-jinja2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact
An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
This update ships updated CPU microcode for most types of Intel CPUs. It provides mitigations for the MSBDS, MFBDS, MLPDS and MDSUM hardware vulnerabilities.
Both PHP 5.6 and PHP 7.0 reached End of Life at the beginning of the year, and are no longer receiving any security patches from PHP. With cPanel & WHM Version 80 moving to the current tier, we are also encouraging users to upgrade to supported PHP versions in EasyApache 4. To help with that, we are removing PHP 5.6 and 7.0 from our default EasyApache profiles. This change only impacts servers running our default …
It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the “tokenUseGlobalStorage” option is enabled, which could grant users with access to the main session database access to an anonymous session.
It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure.
Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to
An update for rhvm-setup-plugins is now available for Red Hat Virtualization 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for rhvm-setup-plugins is now available for Red Hat Virtualization 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
On May 14, fixes for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 were released into the Ubuntu Xenial and Bionic kernels. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer’s CPU. Researchers discovered that memory contents previously stored in [More…]
Netcraft recently discovered that French jewellery retailer Cleor—which operates 136 boutiques across France—was infected with a malicious JavaScript skimmer. The injected code sent the fraudster a copy of the credit card details entered by unsuspecting Cleor customers during the legitimate checkout process. Shopping Site Skimmers This attack has many of the hallmarks of JavaScript skimming […]
Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba’s Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation.
The update for ghostscript released as DSA 4442-1 uncovered an issue in cups-filters which was using the undocumented Ghostscript internal “pdfdict” now hidden in the ghostscript update. Updated cups-filters packages are now available to correct this issue.
VCFTools could be made to crash if it received specially crafted input.
An update for python-jinja2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled).
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html
Update to April 2019 CPU. See: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html
**PHP version 7.3.5** (02 May 2019)
**Core:**
* Fixed bug php#77903 (ArrayIterator stops iterating after offsetSet call). (Nikita)
**CLI:**
* Fixed bug php#77794 (Incorrect Date header format in built-in server). (kelunik)
**EXIF**
* Fixed bug php#77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036) (Stas)
**Interbase:**
* Fixed bug
1.6.2 when v5 client with Will message disconnects, where the Will message has as its first property one of `content-type`, `correlation-data`, `payload-format-indicator`, or `response-topic`.
* Fix build for WITH_TLS=no.
* Fix Will message not allowing user-property properties.
* Fix broker originated messages (e.g.